An IDOR vulnerability exists in Omada Controllers that allows an attacker with Administrator permissions to manipulate requests and potentially hijack the Owner account.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XTp Link Omada Controller
OSTp-Link< 6.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
IDOR
CWE
Related vulnerabilities
CVE-2025-9522MEDIUM5.1ten sam produkt
Blind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality, enabling crafted ...
CVE-2025-9290MEDIUM6.0ten sam produkt
An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device ...
CVE-2025-9289MEDIUM5.7ten sam produkt
A Cross-Site Scripting (XSS) vulnerability was identified in a parameter in Omada Controllers due to improper ...
CVE-2020-12475MEDIUM5.5ten sam produkt
TP-Link Omada Controller Software 3.2.6 allows Directory Traversal for reading arbitrary files via com.tp_link...
CVE-2025-9521LOW2.1ten sam produkt
Podatność Password Confirmation Bypass w kontrolerach Omada, umożliwiająca atakującemu posiadającemu ważny tok...